12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621620465 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1498 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 
12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621620330 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x108c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Exit Status: 0x1 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621619957 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x108c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621619721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60053 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621620467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60053 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621620466 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1498 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Exit Status: 0x1 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621621644 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A179 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621621643 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC1A179 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {3A0E763C-DBA1-C1F7-A9B6-0F5776BF150F} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 60054 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. 
The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621621642 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A179 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 60054 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2388 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 60054 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2388 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 60054 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621621895 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A3C8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621621894 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A4D8 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621621893 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A520 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=1621621892 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A5AD Network Information: Object Type: File Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60058 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\gpt.ini Access Request Information: Access Mask: 0x120089 Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Check Results: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD) ReadEA: Granted by D:(A;;0x1200a9;;;WD) ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=1621621891 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A5AD Network Information: Object Type: File Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60058 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini Access Request Information: Access Mask: 0x120089 Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Check Results: READ_CONTROL: Granted by Ownership SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD) ReadEA: Granted by D:(A;;0x1200a9;;;WD) ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5140 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=File Share OpCode=Info RecordNumber=1621621890 Keywords=Audit Success Message=A network share object was accessed. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A5AD Network Information: Object Type: File Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60058 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Access Request Information: Access Mask: 0x1 Accesses: ReadData (or ListDirectory) 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621621889 Keywords=Audit Success Message=An account was successfully logged on. 
Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Delegation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC1A5AD Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {B767A44D-180C-9D39-C17A-E8F70ECC366B} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::b574:557a:2d92:ce61 Source Port: 60058 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. 
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621621888 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A5AD Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60058 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60058 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 4 Application Name: System Network Information: Source Address: :: Source Port: 60058 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60057 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60057 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621621882 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC1A520 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {B767A44D-180C-9D39-C17A-E8F70ECC366B} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: 10.0.1.14 Source Port: 60056 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. 
Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621621881 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A520 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 60056 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1268 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60056 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 1268 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: 0.0.0.0 Source Port: 60056 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621621877 Keywords=Audit Success Message=An account was successfully logged on. 
Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC1A4D8 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {B767A44D-180C-9D39-C17A-E8F70ECC366B} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. 
This will be 0 if no session key was requested. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621621876 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A4D8 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621621875 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC1A3C8 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {B767A44D-180C-9D39-C17A-E8F70ECC366B} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::b574:557a:2d92:ce61 Source Port: 60055 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. 
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621621874 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A3C8 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60055 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 1268 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Outbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60055 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 1268 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Source Address: :: Source Port: 60055 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621621898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60060 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60060 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418591 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1388 Process Name: C:\Windows\System32\conhost.exe Exit Status: 0x0 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418590 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1784 Process Name: C:\Windows\System32\SIHClient.exe Exit Status: 0x0 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418589 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1388 New Process Name: C:\Windows\System32\conhost.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x1784 Creator Process Name: C:\Windows\System32\SIHClient.exe Process Command Line: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418588 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1784 New Process Name: C:\Windows\System32\SIHClient.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4a0 Creator Process Name: C:\Windows\System32\svchost.exe Process Command Line: C:\Windows\System32\sihclient.exe Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 52954 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 49163 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 52542 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52376 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 54703 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60061 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60061 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 53945 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 49666 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621622827 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1A5AD Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60062 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60062 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621622945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60063 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60063 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418594 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1874 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418593 Keywords=Audit Success Message=A process has exited. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x750 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Exit Status: 0x1 12/15/2021 08:40:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418592 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x750 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. 
Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418596 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1058 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. 
Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60064 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60064 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418595 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1874 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Exit Status: 0x1 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418599 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x50c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418598 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x50c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418597 Keywords=Audit Success Message=A process has exited. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1058 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Exit Status: 0x1 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 138 Destination Address: 10.0.1.255 Destination Port: 138 Protocol: 17 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:40:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 138 Destination Address: 10.0.1.255 Destination Port: 138 Protocol: 17 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418601 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0xb10 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Exit Status: 0x1 12/15/2021 08:40:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418600 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb10 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418604 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x14f8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418603 Keywords=Audit Success Message=A process has exited. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1bb0 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:40:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418602 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1bb0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. 
Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418605 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x14f8 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Exit Status: 0x1 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621623961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60066 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60066 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60067 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60067 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:40:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5140 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=File Share OpCode=Info RecordNumber=1621624398 Keywords=Audit Success Message=A network share object was accessed. Subject: Security ID: NT AUTHORITY\NETWORK SERVICE Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E4 Network Information: Object Type: File Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60068 Share Information: Share Name: \\*\IPC$ Share Path: Access Request Information: Access Mask: 0x1 Accesses: ReadData (or ListDirectory) 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60068 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Outbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60068 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 4 Application Name: System Network Information: Source Address: :: Source Port: 60068 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60069 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60069 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60070 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60070 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621624711 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x200 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621624710 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x200 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621625219 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x87c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621624858 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x358 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Exit Status: 0x1 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621624713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621624712 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x358 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621626107 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x88c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621625677 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1520 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Exit Status: 0x1 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621625620 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1520 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60071 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60071 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621625221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621625220 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x87c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621627220 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x151c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621626727 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x3b4 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Exit Status: 0x1 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621626654 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3b4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621626429 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x88c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Exit Status: 0x1 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621626375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621627595 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x151c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Exit Status: 0x1 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621627890 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1FB21 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621627889 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC1FB21 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {3A0E763C-DBA1-C1F7-A9B6-0F5776BF150F} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 60072 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. 
The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621627888 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC1FB21 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 60072 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2388 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 60072 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:41:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621627885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2388 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 60072 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60073 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60073 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60074 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60074 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 53215 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 62301 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51961 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 49312 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:41:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60075 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60075 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60076 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621628946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60076 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621629167 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0xAC20372 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621629166 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0xAC2039A Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5145 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Detailed File Share OpCode=Info RecordNumber=1621629165 Keywords=Audit Success Message=A network share object was checked to see whether client can be granted desired access. Subject: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0xAC203E1 Network Information: Object Type: File Source Address: 10.0.1.15 Source Port: 52882 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Relative Target Name: attackrange.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini Access Request Information: Access Mask: 0x120089 Accesses: READ_CONTROL SYNCHRONIZE ReadData (or ListDirectory) ReadEA ReadAttributes Access Check Results: READ_CONTROL: Granted by D:(A;;0x1200a9;;;WD) SYNCHRONIZE: Granted by D:(A;;0x1200a9;;;WD) ReadData (or ListDirectory): Granted by D:(A;;0x1200a9;;;WD) ReadEA: Granted by D:(A;;0x1200a9;;;WD) ReadAttributes: Granted by D:(A;;0x1200a9;;;WD) 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5140 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=File Share OpCode=Info RecordNumber=1621629164 Keywords=Audit Success Message=A network share object was accessed. 
Subject: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0xAC203E1 Network Information: Object Type: File Source Address: 10.0.1.15 Source Port: 52882 Share Information: Share Name: \\*\SYSVOL Share Path: \??\C:\Windows\SYSVOL\sysvol Access Request Information: Access Mask: 0x1 Accesses: ReadData (or ListDirectory) 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621629163 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Delegation New Logon: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC203E1 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {5D3B2DA5-280B-96C7-8BC3-C5D5C82A8A09} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: 10.0.1.15 Source Port: 52882 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. 
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52882 Destination Address: 10.0.1.14 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=4418608 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x566579 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=4418607 Keywords=Audit Success Message=An account was successfully logged on. 
Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0x566579 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {44295184-80AB-1997-EE41-0116FEB6B299} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 0 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. 
This will be 0 if no session key was requested. 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=4418606 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x566579 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621629087 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC2039A Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {CBBC8843-83E2-F699-1D0D-8B249B6942B2} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: 10.0.1.15 Source Port: 52881 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. 
This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52881 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 49314 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621629084 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC20372 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {CBBC8843-83E2-F699-1D0D-8B249B6942B2} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: 10.0.1.15 Source Port: 52880 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. 
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52880 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621629082 Keywords=Audit Success Message=An account was successfully logged on. 
Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC20308 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {CBBC8843-83E2-F699-1D0D-8B249B6942B2} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: 10.0.1.15 Source Port: 52879 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. 
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52879 Destination Address: 10.0.1.14 Destination Port: 49666 Protocol: 6 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 896 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52878 Destination Address: 10.0.1.14 Destination Port: 135 Protocol: 6 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:41:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 49313 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:41:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 49791 Destination Address: 10.0.1.14 Destination Port: 49666 Protocol: 6 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:41:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60077 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60077 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418611 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xd80 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418610 Keywords=Audit Success Message=A process has exited. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x424 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Exit Status: 0x1 12/15/2021 08:41:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418609 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x424 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. 
Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418614 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1bc0 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Exit Status: 0x1 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418613 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1bc0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60078 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60078 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418612 Keywords=Audit Success Message=A process has exited. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0xd80 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Exit Status: 0x1 12/15/2021 08:41:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418616 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x3b0 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:41:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418615 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3b0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 0 Destination Address: 10.0.1.14 Destination Port: 8 Protocol: 1 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418618 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1808 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Exit Status: 0x1 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418617 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1808 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. 
Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418622 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x110c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Exit Status: 0x1 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418621 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x110c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418620 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x104c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418619 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x104c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. 
Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60079 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60079 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621629929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60080 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60080 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621630283 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0xAC203E1 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 
12/15/2021 08:41:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60081 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:41:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60081 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60082 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60082 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:42:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60083 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60083 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621631038 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x3fc Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Exit Status: 0x1 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621630926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48
12/15/2021 08:42:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621630903 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3fc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing.
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621631123 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x79c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621631055 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1268 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Exit Status: 0x1 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621631044 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1268 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621632110 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x16cc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621631714 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1588 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Exit Status: 0x1 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621631458 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1588 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60084 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60084 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621631371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621631370 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x79c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621632363 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1458 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621632210 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1458 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621632209 Keywords=Audit Success Message=A process has exited. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x16cc Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Exit Status: 0x1 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621632624 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1128 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Exit Status: 0x1 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621632623 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1128 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. 
Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621632556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621633424 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC23D81 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621633423 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC23D81 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {3A0E763C-DBA1-C1F7-A9B6-0F5776BF150F} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 60085 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. 
The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621633422 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC23D81 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 60085 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2388 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 60085 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2388 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 60085 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60086 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60086 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60087 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60087 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621633989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60088 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60088 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5140 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=File Share OpCode=Info RecordNumber=1621634294 Keywords=Audit Success Message=A network share object was accessed. Subject: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0xAC2443A Network Information: Object Type: File Source Address: 10.0.1.15 Source Port: 52895 Share Information: Share Name: \\*\IPC$ Share Path: Access Request Information: Access Mask: 0x1 Accesses: ReadData (or ListDirectory) 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621634293 Keywords=Audit Success Message=An account was successfully logged on. 
Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Delegation New Logon: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC2443A Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {CBBC8843-83E2-F699-1D0D-8B249B6942B2} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: 10.0.1.15 Source Port: 52895 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. 
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:42:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52895 Destination Address: 10.0.1.14 Destination Port: 445 Protocol: 6 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60089 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60089 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60090 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60090 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418625 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x11a0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. 
An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418624 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1734 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Exit Status: 0x1 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418623 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1734 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621634680 Keywords=Audit Success Message=An account was logged off. 
Subject: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0xAC2443A Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418628 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x4c8 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418627 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x4c8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. 
Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418626 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x11a0 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Exit Status: 0x1 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418630 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1b14 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Exit Status: 0x1 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418629 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1b14 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60091 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60091 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418632 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x10d8 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418631 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x10d8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418636 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x18d8 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Exit Status: 0x1 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418635 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x18d8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418634 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x18bc Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Exit Status: 0x1 12/15/2021 08:42:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418633 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x18bc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60092 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60092 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621634984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60093 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60093 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=4418638 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: ATTACKRANGE\Administrator Account Name: Administrator Account Domain: ATTACKRANGE Logon ID: 0x56DACC Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: 72.43.121.35 Source Port: 0 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V2 Key Length: 128 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. 
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=4418637 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: ATTACKRANGE\Administrator Account Name: Administrator Account Domain: ATTACKRANGE Logon ID: 0x56DACC Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4776 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Credential Validation OpCode=Info RecordNumber=1621635236 Keywords=Audit Success Message=The computer attempted to validate the credentials for an account. 
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: Administrator Source Workstation: Error Code: 0x0 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52902 Destination Address: 10.0.1.14 Destination Port: 49672 Protocol: 6 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 896 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52901 Destination Address: 10.0.1.14 Destination Port: 135 Protocol: 6 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 49315 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418649 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: Window Manager\DWM-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x56F562 Process Information: New Process ID: 0xd00 New Process Name: C:\Windows\System32\dwm.exe Token Elevation Type: %%1938 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x18f4 Creator Process Name: C:\Windows\System32\winlogon.exe Process Command Line: "dwm.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=4418648 Keywords=Audit Success Message=Special privileges assigned to new logon. 
Subject: Security ID: Window Manager\DWM-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x56F562 Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=4418647 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: Window Manager\DWM-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x56F52B Privileges: SeAssignPrimaryTokenPrivilege SeAuditPrivilege SeImpersonatePrivilege 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=4418646 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: Yes Elevated Token: No Impersonation Level: Impersonation New Logon: Security ID: Window Manager\DWM-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x56F562 Linked Logon ID: 0x56F52B Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x18f4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. 
This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=4418645 Keywords=Audit Success Message=An account was successfully logged on. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Logon Information: Logon Type: 2 Restricted Admin Mode: - Virtual Account: Yes Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: Window Manager\DWM-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x56F52B Linked Logon ID: 0x56F562 Network Account Name: - Network Account Domain: - Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x18f4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. 
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4648 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=4418644 Keywords=Audit Success Message=A logon was attempted using explicit credentials. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: DWM-3 Account Domain: Window Manager Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x18f4 Process Name: C:\Windows\System32\winlogon.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418643 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1098 New Process Name: C:\Windows\System32\LogonUI.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x18f4 Creator Process Name: C:\Windows\System32\winlogon.exe Process Command Line: "LogonUI.exe" /flags:0x2 /state0:0xa3a2d055 /state1:0x41c64e6d Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418642 Keywords=Audit Success Message=A process has exited. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0xc40 Process Name: C:\Windows\System32\smss.exe Exit Status: 0x0 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418641 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x18f4 New Process Name: C:\Windows\System32\winlogon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xc40 Creator Process Name: C:\Windows\System32\smss.exe Process Command Line: winlogon.exe Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. 
The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418640 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x195c New Process Name: C:\Windows\System32\csrss.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xc40 Creator Process Name: C:\Windows\System32\smss.exe Process Command Line: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 
12/15/2021 08:42:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418639 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xc40 New Process Name: C:\Windows\System32\smss.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x144 Creator Process Name: C:\Windows\System32\smss.exe Process Command Line: \SystemRoot\System32\smss.exe 00000108 0000007c Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4672 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=4418652 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: ATTACKRANGE\Administrator Account Name: Administrator Account Domain: ATTACKRANGE Logon ID: 0x57521C Privileges: SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=4418651 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Logon Information: Logon Type: 10 Restricted Admin Mode: No Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: ATTACKRANGE\Administrator Account Name: Administrator Account Domain: ATTACKRANGE Logon ID: 0x57521C Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {3FE52089-607A-C7A1-D1FD-98ACD491D39B} Process Information: Process ID: 0x4a0 Process Name: C:\Windows\System32\svchost.exe Network Information: Workstation Name: WIN-HOST-987 Source Network Address: 72.43.121.35 Source Port: 0 Detailed Authentication Information: Logon Process: User32 Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. 
This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4648 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=4418650 Keywords=Audit Success Message=A logon was attempted using explicit credentials. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: Administrator Account Domain: ATTACKRANGE Logon GUID: {3FE52089-607A-C7A1-D1FD-98ACD491D39B} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x4a0 Process Name: C:\Windows\System32\svchost.exe Network Information: Network Address: 72.43.121.35 Port: 0 This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4769 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Kerberos Service Ticket Operations OpCode=Info RecordNumber=1621635347 Keywords=Audit Success Message=A Kerberos service ticket was requested. Account Information: Account Name: Administrator@ATTACKRANGE.LOCAL Account Domain: ATTACKRANGE.LOCAL Logon GUID: {3FE52089-607A-C7A1-D1FD-98ACD491D39B} Service Information: Service Name: WIN-HOST-987$ Service ID: ATTACKRANGE\WIN-HOST-987$ Network Information: Client Address: ::ffff:10.0.1.15 Client Port: 52906 Additional Information: Ticket Options: 0x40810000 Ticket Encryption Type: 0x12 Failure Code: 0x0 Transited Services: - This event is generated every time access is requested to a resource such as a computer or a Windows service. The service name indicates the resource to which access was requested. This event can be correlated with Windows logon events by comparing the Logon GUID fields in each event. The logon event occurs on the machine that was accessed, which is often a different machine than the domain controller which issued the service ticket. 
Ticket options, encryption types, and failure codes are defined in RFC 4120. 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52906 Destination Address: 10.0.1.14 Destination Port: 88 Protocol: 6 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4768 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Kerberos Authentication Service OpCode=Info RecordNumber=1621635345 Keywords=Audit Success Message=A Kerberos authentication ticket (TGT) was requested. Account Information: Account Name: Administrator Supplied Realm Name: attackrange.local User ID: ATTACKRANGE\Administrator Service Information: Service Name: krbtgt Service ID: ATTACKRANGE\krbtgt Network Information: Client Address: ::ffff:10.0.1.15 Client Port: 52905 Additional Information: Ticket Options: 0x40810010 Result Code: 0x0 Ticket Encryption Type: 0x12 Pre-Authentication Type: 2 Certificate Information: Certificate Issuer Name: Certificate Serial Number: Certificate Thumbprint: Certificate information is only provided if a certificate was used for pre-authentication. Pre-authentication types, ticket options, encryption types and result codes are defined in RFC 4120. 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52905 Destination Address: 10.0.1.14 Destination Port: 88 Protocol: 6 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52904 Destination Address: 10.0.1.14 Destination Port: 88 Protocol: 6 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 49316 Destination Address: 10.0.1.14 Destination Port: 389 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418666 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x80c New Process Name: C:\Windows\System32\dllhost.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x2dc Creator Process Name: C:\Windows\System32\svchost.exe Process Command Line: C:\Windows\system32\DllHost.exe /Processid:{133EAC4F-5891-4D04-BADA-D84870380A80} Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418665 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x194c New Process Name: C:\Windows\System32\taskhostw.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4a0 Creator Process Name: C:\Windows\System32\svchost.exe Process Command Line: taskhostw.exe Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418664 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x195c Process Name: C:\Windows\System32\csrss.exe Exit Status: 0x0 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418663 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x18f4 Process Name: C:\Windows\System32\winlogon.exe Exit Status: 0x0 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=4418662 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: Window Manager\DWM-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x56F52B Logon Type: 2 This event is generated when a logon session is destroyed. 
It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=4418661 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: Window Manager\DWM-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x56F562 Logon Type: 2 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418660 Keywords=Audit Success Message=A process has exited. Subject: Security ID: Window Manager\DWM-3 Account Name: DWM-3 Account Domain: Window Manager Logon ID: 0x56F562 Process Information: Process ID: 0xd00 Process Name: C:\Windows\System32\dwm.exe Exit Status: 0xD00002FE 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418659 Keywords=Audit Success Message=A process has exited. Subject: Security ID: ATTACKRANGE\Administrator Account Name: Administrator Account Domain: ATTACKRANGE Logon ID: 0x8CDA4 Process Information: Process ID: 0x1074 Process Name: C:\Windows\System32\AtBroker.exe Exit Status: 0x1 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418658 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1098 Process Name: C:\Windows\System32\LogonUI.exe Exit Status: 0x0 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418657 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: ATTACKRANGE\Administrator Account Name: Administrator Account Domain: ATTACKRANGE Logon ID: 0x8CDA4 Process Information: New Process ID: 0x1074 New Process Name: C:\Windows\System32\AtBroker.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\High Mandatory Level Creator Process ID: 0xfe0 Creator Process Name: C:\Windows\System32\winlogon.exe Process Command Line: atbroker.exe Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418656 Keywords=Audit Success Message=A process has exited. Subject: Security ID: ATTACKRANGE\Administrator Account Name: Administrator Account Domain: ATTACKRANGE Logon ID: 0x8CDA4 Process Information: Process ID: 0xbd4 Process Name: C:\Windows\System32\rdpclip.exe Exit Status: 0x0 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=4418655 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: ATTACKRANGE\Administrator Account Name: Administrator Account Domain: ATTACKRANGE Logon ID: 0x57521C Logon Type: 10 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418654 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\NETWORK SERVICE Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E4 Target Subject: Security ID: ATTACKRANGE\Administrator Account Name: Administrator Account Domain: ATTACKRANGE Logon ID: 0x8CDA4 Process Information: New Process ID: 0xbd4 New Process Name: C:\Windows\System32\rdpclip.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\High Mandatory Level Creator Process ID: 0x39c Creator Process Name: C:\Windows\System32\svchost.exe Process Command Line: rdpclip Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418653 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: ATTACKRANGE\Administrator Account Name: Administrator Account Domain: ATTACKRANGE Logon ID: 0x8CDA4 Process Information: New Process ID: 0x458 New Process Name: C:\Windows\System32\TSTheme.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\High Mandatory Level Creator Process ID: 0x2dc Creator Process Name: C:\Windows\System32\svchost.exe Process Command Line: C:\Windows\system32\TSTheme.exe -Embedding Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 53426 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 61402 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 52154 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51436 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 65111 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51300 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 49857 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 51574 Destination Address: 10.0.0.2 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 57152 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:42:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60094 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60094 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418667 Keywords=Audit Success Message=A process has exited. Subject: Security ID: ATTACKRANGE\Administrator Account Name: Administrator Account Domain: ATTACKRANGE Logon ID: 0x8CDA4 Process Information: Process ID: 0x458 Process Name: C:\Windows\System32\TSTheme.exe Exit Status: 0x0 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60095 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60095 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60096 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60096 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621635949 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x15b4 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Exit Status: 0x1 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621635948 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x15b4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. 
Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621635944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621636358 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x3d4 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Exit Status: 0x1 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621636118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621636117 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x3d4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621639292 Keywords=Audit Success Message=A process has exited. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1534 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621639001 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1534 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621638100 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0xb20 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Exit Status: 0x1 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621638000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621637750 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xb20 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621637204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621637203 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x45c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Exit Status: 0x1 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621639566 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1240 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621639565 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1240 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621639586 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x10b8 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Exit Status: 0x1 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621639585 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x10b8 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60097 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621639583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60097 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621640202 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC28167 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621640201 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC28167 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {3A0E763C-DBA1-C1F7-A9B6-0F5776BF150F} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 60098 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. 
The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621640200 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC28167 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 60098 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2388 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 60098 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2388 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 60098 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60099 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60099 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:43:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60100 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60100 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:22 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418668 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x194c Process Name: C:\Windows\System32\taskhostw.exe Exit Status: 0x0 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60101 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60101 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621640967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418669 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x80c Process Name: C:\Windows\System32\dllhost.exe Exit Status: 0x0 12/15/2021 08:43:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60102 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60102 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60103 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60103 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418672 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x7f0 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418671 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x19dc Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Exit Status: 0x1 12/15/2021 08:43:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418670 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x19dc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418674 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x18bc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418673 Keywords=Audit Success Message=A process has exited. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x7f0 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Exit Status: 0x1 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418677 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1148 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Exit Status: 0x1 12/15/2021 08:43:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418676 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1148 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60104 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60104 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:43:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418675 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x18bc Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: 10.0.1.15 Source Port: 0 Destination Address: 10.0.1.14 Destination Port: 8 Protocol: 1 Filter Information: Filter Run-Time ID: 66884 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418679 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1afc Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Exit Status: 0x1 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418678 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1afc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. 
Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418681 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x113c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:43:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418680 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x113c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. 
Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418683 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0xf38 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Exit Status: 0x1 12/15/2021 08:43:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418682 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xf38 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:43:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60105 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60105 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60106 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60106 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:43:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621641978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60107 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:43:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60107 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60108 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60108 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:07 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60109 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60109 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:12 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621642425 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x904 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621642399 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x904 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. 
An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621642934 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1430 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Exit Status: 0x1 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621642879 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1430 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621642538 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x760 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Exit Status: 0x1 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621642431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621642430 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x760 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. 
An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621644426 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x844 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621644374 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x844 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621644025 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x7cc Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Exit Status: 0x1 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621643655 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x7cc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621643040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621644626 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1234 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Exit Status: 0x1 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621644619 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1234 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60110 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:16 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60110 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621645276 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0xcbc Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Exit Status: 0x1 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621645072 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xcbc New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. 
An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:17 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621644963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621645403 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC2C3A0 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621645402 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC2C3A0 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {3A0E763C-DBA1-C1F7-A9B6-0F5776BF150F} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: ::1 Source Port: 60111 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. 
The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621645401 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC2C3A0 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 60111 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2388 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 60111 Destination Address: ::1 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2388 Application Name: \device\harddiskvolume1\windows\adws\microsoft.activedirectory.webservices.exe Network Information: Source Address: :: Source Port: 60111 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:18 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:19 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60112 Destination Address: 10.0.1.12 Destination Port: 8089 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:20 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60112 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645581 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645580 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645579 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60113 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:21 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60113 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:23 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:24 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:25 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:26 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60114 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:27 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60114 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621645905 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC2CA3C Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621645904 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC2CA3C Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {3A0E763C-DBA1-C1F7-A9B6-0F5776BF150F} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::b574:557a:2d92:ce61 Source Port: 60117 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621645903 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC2CA3C Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60117 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2428 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Direction: Outbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60117 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2428 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Source Address: :: Source Port: 60117 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621645899 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC2C9D0 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4624 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logon OpCode=Info RecordNumber=1621645898 Keywords=Audit Success Message=An account was successfully logged on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Information: Logon Type: 3 Restricted Admin Mode: - Virtual Account: No Elevated Token: Yes Impersonation Level: Impersonation New Logon: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE.LOCAL Logon ID: 0xAC2C9D0 Linked Logon ID: 0x0 Network Account Name: - Network Account Domain: - Logon GUID: {3A0E763C-DBA1-C1F7-A9B6-0F5776BF150F} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: - Source Network Address: fe80::b574:557a:2d92:ce61 Source Port: 60116 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The impersonation level field indicates the extent to which a process in the logon session can impersonate. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. 
- Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4672 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Special Logon OpCode=Info RecordNumber=1621645897 Keywords=Audit Success Message=Special privileges assigned to new logon. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0xAC2C9D0 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege SeDelegateSessionUserImpersonatePrivilege SeEnableDelegationPrivilege 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 628 Application Name: \device\harddiskvolume1\windows\system32\lsass.exe Network Information: Direction: Inbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60116 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2428 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Direction: Outbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60116 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 389 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2428 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Source Address: :: Source Port: 60116 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 896 Application Name: \device\harddiskvolume1\windows\system32\svchost.exe Network Information: Direction: Inbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60115 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 135 Protocol: 6 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2428 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Direction: Outbound Source Address: fe80::b574:557a:2d92:ce61 Source Port: 60115 Destination Address: fe80::b574:557a:2d92:ce61 Destination Port: 135 Protocol: 6 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2428 Application Name: \device\harddiskvolume1\windows\system32\dfsrs.exe Network Information: Source Address: :: Source Port: 60115 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:28 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4634 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Logoff OpCode=Info RecordNumber=1621645976 Keywords=Audit Success Message=An account was logged off. Subject: Security ID: ATTACKRANGE\WIN-HOST-987$ Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0xAC20308 Logon Type: 3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer. 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:29 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:30 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621645977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:31 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60118 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:32 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60118 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:33 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:34 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:35 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:36 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:37 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60119 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60119 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:38 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:39 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:40 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:41 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:41 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418686 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x5f4 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. 
An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418685 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1008 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Exit Status: 0x1 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418684 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1008 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:42 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418688 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x198c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60120 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60120 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:43 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418687 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x5f4 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe Exit Status: 0x1 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418691 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x1820 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Exit Status: 0x1 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418690 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x1820 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. 
Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:44 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418689 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x198c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:44:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:45 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:45 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:46 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418693 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x630 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:44:46 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418692 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x630 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418696 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x131c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418695 Keywords=Audit Success Message=A process has exited. 
Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x870 Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Exit Status: 0x1 12/15/2021 08:44:47 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=4418694 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x870 New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0x4ac Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. 
Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-host-987.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=4418697 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-HOST-987$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x131c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe Exit Status: 0x1 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60121 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60121 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:48 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:49 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:50 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 53895 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 53895 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: 0.0.0.0 Source Port: 53895 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: 0.0.0.0 Source Port: 62182 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 53895 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: 10.0.1.14 Source Port: 50300 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65787 Layer Name: Receive/Accept Layer Run-Time ID: 44 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 50300 Destination Address: 10.0.1.14 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65789 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 50300 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 50300 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: 0.0.0.0 Source Port: 51119 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 62084 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 50465 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 50465 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 50465 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 50465 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: 0.0.0.0 Source Port: 54912 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 62084 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Inbound Source Address: ::1 Source Port: 54438 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65786 Layer Name: Receive/Accept Layer Run-Time ID: 46 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Direction: Outbound Source Address: ::1 Source Port: 54438 Destination Address: ::1 Destination Port: 53 Protocol: 17 Filter Information: Filter Run-Time ID: 65788 Layer Name: Connect Layer Run-Time ID: 50 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 54438 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 38 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 3040 Application Name: \device\harddiskvolume1\windows\system32\dns.exe Network Information: Source Address: :: Source Port: 54438 Protocol: 17 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646793 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:51 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:52 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:52 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:53 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646936 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646935 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646934 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646933 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646932 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646931 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646930 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646929 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646928 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646927 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646926 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646925 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646924 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646923 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646922 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646921 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646920 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646919 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646918 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646917 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646916 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646915 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646914 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646913 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646912 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646911 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646910 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646909 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646908 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646907 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646906 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646905 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646904 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646903 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646902 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646901 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60122 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:54 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60122 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646955 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646954 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646953 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646952 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646951 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646950 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646949 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646948 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646947 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646946 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646945 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646944 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646943 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646942 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646941 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646940 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646939 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646938 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:55 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646937 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647017 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647016 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:56 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621646984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:57 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:58 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60123 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:44:59 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60123 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:00 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:01 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:02 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:02 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:03 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:04 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60124 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:05 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. 
Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60124 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:06 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing.
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:08 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647440 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647439 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647438 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647437 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647436 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2500 Application Name: \device\harddiskvolume1\users\public\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49675 Destination Address: 10.0.1.12 Destination Port: 7010 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647435 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647434 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647433 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647432 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647431 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647430 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647429 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647428 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647427 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647426 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647425 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647424 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647423 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647422 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647421 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647420 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647419 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647418 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647417 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647416 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647415 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647414 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647413 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647412 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647411 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647410 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647409 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647408 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647407 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647406 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:09 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647484 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647483 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647482 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647481 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647480 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647479 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647478 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647477 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647476 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647475 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647474 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647473 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647472 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647471 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647470 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647469 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647468 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647467 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647466 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647465 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647464 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647463 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647462 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647461 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647460 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647459 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647458 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647457 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647456 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647455 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647454 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647453 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647452 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647451 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647450 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647449 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647448 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647447 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647446 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647445 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647444 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647443 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647442 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60125 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:10 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647441 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60125 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647529 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647528 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647527 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647526 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647525 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647524 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647523 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647522 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647521 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647520 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647519 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647518 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647517 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647516 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647515 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647514 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647513 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647512 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647511 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647510 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647509 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647508 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647507 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647506 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647505 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647504 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647503 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647502 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647501 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647500 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647499 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647498 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647497 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647496 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647495 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647494 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647493 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647492 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647491 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647490 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647489 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647488 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647487 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647486 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:11 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647485 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621647580 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0xc3c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621647579 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0xc3c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2 Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647578 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647577 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647576 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647575 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647574 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647573 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647572 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647571 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647570 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647569 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647568 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647567 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647566 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647565 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647564 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647563 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647562 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647561 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647560 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647559 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647558 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647557 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647556 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647555 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647554 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647553 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647552 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647551 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647550 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647549 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647548 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647547 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647546 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647545 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647544 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647543 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647542 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647541 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647540 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647539 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647538 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647537 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647536 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647535 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647534 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647533 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647532 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647531 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:13 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647530 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621648016 Keywords=Audit Success Message=A new process has been created. 
Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x149c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648015 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648014 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648013 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648012 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648011 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648010 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648009 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648008 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648007 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648006 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648005 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648004 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648003 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648002 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648001 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648000 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647999 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647998 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647997 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647996 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647995 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647994 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647993 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647992 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647991 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647990 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647989 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647988 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647987 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647986 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647985 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647984 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647983 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647982 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647981 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647980 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647979 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647978 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647977 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647976 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647975 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647974 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647973 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647972 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647971 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647970 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647969 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647968 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647967 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647966 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647965 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647964 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647963 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647962 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647961 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647960 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647959 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647958 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647957 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647956 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647900 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647899 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647898 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647897 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647896 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647895 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647894 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647893 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647892 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647891 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647890 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647889 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647888 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647887 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647886 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647885 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647884 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647883 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647882 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647881 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647880 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647879 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647878 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647877 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647876 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647875 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647874 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647873 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647872 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647871 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647870 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647869 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647868 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647867 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647866 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647865 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647864 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647863 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647862 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647861 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647860 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647859 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647858 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647857 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647856 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647855 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647854 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647853 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647852 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647851 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647850 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647849 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647848 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647847 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647846 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647845 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647844 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647843 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647842 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647841 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647840 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647839 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647838 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647837 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647836 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647835 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647834 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647833 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647832 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647831 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647830 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647829 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647828 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647827 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647826 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647825 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647824 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647823 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647822 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647821 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647820 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647819 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647818 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647817 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647816 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647815 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647814 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647813 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647812 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647811 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647810 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647809 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647808 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647807 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647806 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647805 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647804 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647803 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647802 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647801 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647800 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647799 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647798 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647797 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647796 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647795 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647794 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621647793 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x79c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Exit Status: 0x1 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647792 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647791 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647790 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647789 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647788 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647787 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647786 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647785 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647784 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647783 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647782 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647781 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647780 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647779 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647778 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647777 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647776 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647775 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647774 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647773 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647772 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647771 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647770 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647769 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647768 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647767 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647766 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647765 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647764 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647763 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647762 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647761 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647760 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647759 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647758 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647757 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647756 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647755 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647754 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647753 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647752 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647751 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647750 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647749 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647748 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647747 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647746 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647745 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647744 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647743 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647742 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647741 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647740 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647739 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647738 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647737 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647736 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647735 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647734 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647733 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647732 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647731 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647730 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647729 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647728 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647727 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647726 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647725 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647724 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647723 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647722 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647721 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647720 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647719 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647718 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647717 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647716 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647715 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647714 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647713 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647712 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647711 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647710 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647709 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647708 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647707 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647706 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647705 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647704 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647703 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647702 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647701 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647700 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647699 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647698 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647697 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647696 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647695 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647694 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647693 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647692 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647691 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647690 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647689 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647688 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647687 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647686 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647685 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647684 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647683 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647682 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647681 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647680 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647679 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647678 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647677 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647676 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647675 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647674 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647673 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647672 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647671 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647670 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647669 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647668 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647667 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647666 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647665 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647664 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647663 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647662 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647661 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647660 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647659 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647658 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647657 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647656 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647655 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647654 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647653 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647652 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647651 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647650 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647649 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647648 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647647 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647646 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647645 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647644 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647643 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647642 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647641 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647640 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647639 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647638 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647637 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647636 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647635 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647634 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647633 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647632 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647631 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647630 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647629 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647628 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647627 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647626 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647625 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647624 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647623 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647622 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647621 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647620 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647619 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647618 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647617 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647616 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647615 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647614 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647613 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647612 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647611 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647610 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647609 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647608 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647607 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647606 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647605 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647604 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647603 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647602 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647601 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647600 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647599 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647598 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647597 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647596 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647595 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647594 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647593 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647592 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647591 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647590 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647589 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647588 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647587 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647586 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647585 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647584 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647583 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621647582 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:14 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4688 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Creation OpCode=Info RecordNumber=1621647581 Keywords=Audit Success Message=A new process has been created. Creator Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Target Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Process Information: New Process ID: 0x79c New Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe Token Elevation Type: %%1936 Mandatory Label: Mandatory Label\System Mandatory Level Creator Process ID: 0xa08 Creator Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe Process Command Line: "C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe" Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy. Type 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account. Type 2 is an elevated token with no privileges removed or groups disabled. 
An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group. Type 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator. 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648405 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648404 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648403 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648402 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648401 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648400 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648399 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648398 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648397 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648396 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648395 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648394 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648393 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648392 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648391 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648390 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648389 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648388 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648387 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648386 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648385 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648384 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648383 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648382 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648381 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648380 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648379 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648378 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648377 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648376 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648375 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648374 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648373 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648372 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648371 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648370 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648369 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648368 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648367 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648366 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648365 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648364 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648363 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648362 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648361 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648360 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648359 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648358 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648357 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648356 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648355 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648354 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648353 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648352 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648351 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648350 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648349 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648348 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648347 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648346 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648345 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648344 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648343 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648342 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648341 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648340 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648339 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648338 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648337 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648336 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648335 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648334 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648333 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648332 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648331 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648330 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648329 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648328 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648327 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648326 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648325 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648324 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648323 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648322 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648321 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648320 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648319 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648318 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648317 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648316 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648315 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648314 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648313 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648312 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648311 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648310 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648309 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648308 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648307 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648306 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648305 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648304 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648303 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648302 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648301 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648300 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648299 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648298 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648297 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648296 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648295 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648294 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648293 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648292 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648291 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648290 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648289 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648288 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648287 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648286 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648285 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648284 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648283 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648282 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648281 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648280 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648279 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648278 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648277 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648276 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648275 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648274 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648273 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648272 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648271 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 60126 Destination Address: 10.0.1.12 Destination Port: 8000 Protocol: 6 Filter Information: Filter Run-Time ID: 68192 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5158 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648270 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a bind to a local port. Application Information: Process ID: 2816 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\etc\apps\splunk_ta_stream\windows_x86_64\bin\streamfwd.exe Network Information: Source Address: 0.0.0.0 Source Port: 60126 Protocol: 6 Filter Information: Filter Run-Time ID: 0 Layer Name: Resource Assignment Layer Run-Time ID: 36 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648269 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648268 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648267 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648266 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648265 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648264 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648263 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648262 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648261 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648260 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648259 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648258 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648257 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648256 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648255 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648254 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648253 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648252 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648251 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648250 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648249 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648248 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648247 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648246 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648245 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648244 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648243 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648242 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648241 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648240 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648239 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648238 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648237 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648236 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648235 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648234 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648233 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648232 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648231 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648230 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648229 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648228 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648227 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648226 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648225 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648224 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648223 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648222 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648221 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648220 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648219 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648218 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648217 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648216 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648215 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648214 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648213 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648212 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648211 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648210 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648209 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648208 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648207 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648206 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648205 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648204 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648203 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648202 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648201 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648200 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648199 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648198 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648197 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648196 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648195 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648194 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648193 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648192 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648191 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648190 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648189 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648188 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648187 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648186 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648185 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648184 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648183 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648182 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648181 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648180 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648179 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648178 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648177 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648176 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648175 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648174 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648173 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648172 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648171 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648170 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648169 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648168 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648167 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648166 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648165 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648164 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648163 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648162 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648161 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648160 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648159 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648158 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648157 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648156 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648155 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648154 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648153 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648152 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648151 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648150 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648149 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648148 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648147 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648146 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648145 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648144 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648143 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648142 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648141 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648140 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648139 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648138 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648137 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648136 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648135 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648134 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648133 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648132 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648131 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648130 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648129 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648128 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648127 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648126 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648125 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648124 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648123 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648122 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648121 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648120 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648119 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648118 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648117 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648116 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648115 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648114 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648113 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648112 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648111 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648110 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648109 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648108 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648107 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648106 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648105 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648104 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648103 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648102 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648101 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648100 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648099 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648098 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648097 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648096 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648095 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648094 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648093 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648092 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648091 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648090 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648089 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648088 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648087 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648086 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648085 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648084 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648083 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648082 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648081 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648080 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648079 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648078 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648077 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648076 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648075 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648074 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648073 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648072 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648071 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648070 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648069 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648068 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648067 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648066 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648065 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648064 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648063 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648062 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648061 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648060 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648059 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648058 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648057 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648056 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648055 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648054 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648053 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648052 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648051 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648050 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648049 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648048 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648047 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648046 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648045 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648044 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648043 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648042 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648041 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648040 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648039 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648038 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648037 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648036 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648035 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648034 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648033 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648032 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648031 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648030 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648029 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648028 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648027 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648026 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648025 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648024 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648023 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648022 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. 
EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648021 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648020 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648019 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=5156 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Filtering Platform Connection OpCode=Info RecordNumber=1621648018 Keywords=Audit Success Message=The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 2568 Application Name: \device\harddiskvolume1\program files\splunkuniversalforwarder\bin\splunkd.exe Network Information: Direction: Outbound Source Address: 10.0.1.14 Source Port: 49693 Destination Address: 10.0.1.12 Destination Port: 9997 Protocol: 6 Filter Information: Filter Run-Time ID: 68196 Layer Name: Connect Layer Run-Time ID: 48 12/15/2021 08:45:15 PM LogName=Security SourceName=Microsoft Windows security auditing. EventCode=4689 EventType=0 Type=Information ComputerName=win-dc-128.attackrange.local TaskCategory=Process Termination OpCode=Info RecordNumber=1621648017 Keywords=Audit Success Message=A process has exited. Subject: Security ID: NT AUTHORITY\SYSTEM Account Name: WIN-DC-128$ Account Domain: ATTACKRANGE Logon ID: 0x3E7 Process Information: Process ID: 0x149c Process Name: C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe Exit Status: 0x1